The PAMonCloud Offering includes CyberArk PAM products, delivered as AWS AMIs and Azure images, along with AWS CloudFormation and Azure ARM templates to automate deployment.
- Windows Server 2022 images are now available for all Windows based components.
- New Terraform deployment offering: The PAMonCloud solution is now available in Terraform for both Azure and AWS, offering more flexibility, self-tailored configurations, cross-region deployments, and the benefits of using the IaC platform. PAMonCloud-terraform modules and examples are publicly available at: PAMonCloud-Terraform
- Product configuration and registration are now executed as part of the instance's userdata, rather than CloudFormation::Init.
- Product configuration and registration failures are tracked and raised in real-time, rather than only at stack timeout.
- Enhanced CloudWatch logging for better observability during deployment.
- Deployment and configuration time for Windows-based components has been significantly reduced.
- Removed usage of ManagedIdentityExtensionForWindows.
- Windows components are no longer published based on Windows Server 2016. You can create Win2016-based images using the BYOI solution to suit your needs (subject to product system requirements).
- Lambda functions are running using Python 3.11
- Patches for PAM products will be distributed and supported as images for new deployments.
PTA & PSMP are deployed on RHEL 9, instead of RHEL 8
- Support PAS version 14.0
- Updated EC2 instance size options to match CyberArk PAS products system requirements.
- Minor bug fixes
- Updated Azure default VM sizes to match CyberArk PAS products system requirements.
- PAS-AIO-DR-Deployment CloudFormation template was removed
- Custom AMI as Parameter - A new optional parameter has been added to the CloudFormation templates, allowing customers to enforce the usage of a specific AMI ID for each PAS component.
- Support Non-Zone Regions - Customers now have the ability to deploy all components (excluding the Primary Vault) in non-zone regions.
- PTA Deployment as Part of the Full PAS and Single Component Deployments - Unified templates have been developed to deploy PTA in the same manner as all other PAS components.
PTA Does Not Require Its Own License - Uploading a PTA license to an S3 bucket/storage blob and providing it to the CF/ARM template is no longer necessary.
PTA and Vault Timezones are automatically configured for PTA deployments, the parameters where removed from the CF/ARM template.
- Improved parameter validation
- Lambda functions are running using Python 3.7
- Vault disks are now encrypted
PTA is deployed on RHEL 8, instead of Centos 7
Vault safe data is being stored in a separated drive (E:)
- AWS : Windows Server 2019 compatibility for all Windows-based components (for PAS version 12.6 and above)
- Azure : Windows Server 2019 compatibility for all Windows-based components (for PAS version 12.6 and above)
- AWS: the required ImageIds are gathered on demand via a lambda function, the previously used ImageId mapping by region was removed
- AWS : PSMP now supports the usage of MFA
- AWS : PSMP CVE-2021-4034 fix
- Azure : ptaAccessSAS parameter as part of import-pas-images.ps1
- AWS: PSMP is deployed on RHEL 8, instead of Amazon Linux 2
- AWS: PTA instance type changed to m5 options
- Support version 12.1
- Support version 12.0
- Support version 11.7
- Azure: Support for PTA
- Support for cross cloud and cross region Vault deployment
- Support version 11.4
- AWS: Vault AMI is available on Windows server 2016
- AWS: New EC2 types are available for cost savings and performance improvements in the PAS components
- AWS: Simplify the cloud formation to make it more readable and user friendly
- Added support to private link network
- AWS: Update commercial 11.2 AMI ids
- AWS: Update gov cloud 11.2 AMI ids
- Return error in case of registration failure (applies to all templates)
- CF script is stalling at the StoreMasterPassword and StoreAdminPassword stage (#00816191)
- AWS: Release 10.10 commercial
- AWS: Release 10.10 government (NAT network only)
- AWS: Add us-gov-east-1 region support (NAT network only)
- Azure: Fixed Case Number 00730271 : Second PSMP deploy fails
- Deployment logs are sent to CloudWatch
- Templates support deployment on GovCloud
- Us-east-2 region to AWS templates
- Template to deploy single component on Azure in customer network
- import-pas-images script now accepts AccessSAS per component
- PAS-AIO-Network CloudFormation template was removed